Common criteria evaluation

Common criteria
evaluationAs fast as possible

EAL4+ certification within 4 months!

Learn more
ElőzőKövetkező
1. slide 2. slide 3. slide

Common Criteria evaluation

Average Common Criteria certification projects will uphold you for 9 - 12 months. How about a freshly proven record for 4 months? We can half the project time using quick and agile methodology.

Get in touch with us to run-down your CC projects AS FAST AS POSSIBLE.

Common Criteria evaluation

We work together with exceptionally satisfied customers, we’ve helped them to:

  • get the first Common Criteria EAL4+ EN 419 241-2 certificate
  • certify products based on both EN 419 241-2 and EN 419221-5
  • complete an EAL4+ composite smartcard evaluation (eID) based on JCOP platform
  • acquire a complex CEP encryption certification within 4 months
I’m interested

CCLab is a FIDO Accredited Security Laboratory!

FIDO currently accredits Security Labs to perform FIDO Security Evaluations as part of Authenticator Level 2 and higher. Conforming your products by a laboratory builds trust thanks to the worldwide accepted certification.

Authenticator Certification Level 2 (L2) evaluates FIDO Authenticator protection against basic, scalable attacks. For L2, the Authenticator is required to conform to solution included in FIDO allowed Restricted Operating Environment and Allowed Cryptography lists as part of the Authenticator Security Requirements.

How people use FIDO:

  • Security key
  • Fingerprint
  • Facial recognition
  • Voice
CCLab is a FIDO Accredited Security Laboratory!

Multiple benefits:

  • Mitigate data breach risks and damages
  • Deploy FIDO-enabled services to a rapidly growing addressable market
  • Low-friction user experience = more site visitors, brand affinity, employee productivity
  • The certification program ensures interoperability and security across your supply chain
  • Standards-based approach future-proofs your authentication investment
  • Huge cost-savings through avoidance of password resets, device provisioning, customer support
Learn more about fido

Smart Meter: Intelligent Measurement Device

Smart meters provide real-time information about energy usage for Public Utility Providers. This metering technology guarantees that continuous data is securely available for consumers and providers as well. CCLab is one of the first laboratories you can consult to evaluate smart devices within this industry.

Smart Meter: Intelligent Measurement Device

Properties of a Smart Meter:

  • Typically record energy hourly or more frequently, and report at least daily.
  • Two-way communication between the meter and the central system.
  • Communications from the meter to the network may wireless, or wired (e.g. power line carrier).
    Wireless communication options in common use (Wifi, mesh, LORA, etc.).
  • Communication Protocols: IEC 61107/ IEC 62056, Open Smart Grid Protocol (OSGP), TCP/IP
Care about the concept

We can help you

Complete certification and lifecycle management

Web Application Security

Common criteria evaluation

Swiss smart metering

Fido certification

Web Application SecurityWeb Application Security

CCLab proposes a step-by-step approach to its clients. The target security level can be reached on an increasing basis: first solving the most aching problems, then strengthening the security of the IT system gradually. During security evaluations we follow a methodology based on our Common Criteria evaluation experience.

“To be effective, Application Security” needs to cover the entire product development lifecycle: from design to implementation and testing - including training:

  • Security by design
    BCM consulting, BCP and DRP creation, UAC (User Acceptance Test) and security testing design and management, site security screening
  • Secure coding training
    Java, JavaScript, C, C++, C#, Python
  • Vulnerability assessment
    Using Flaw Hypothesis Methodology to analyse the operation and reveal possible vulnerabilities.
  • Penetration testing
    Our methodology is broader than ethical hacking, as it has expanded from our systematic evaluation methodology, which focuses on practical implementation. (conceptual black box testing, gray box testing and white box testing)
  • Hardening
    Examples of errors that can be corrected during hardening: lack of input validation (SQLi, XSS, RFI, LFI); bypassing of entitlement levels; weakly or poorly implemented cryptographic algorithms; memory management problems (Buffer Overflow), session management issues (session fixation, replay attack); vulnerabilities due to incorrect configuration.
  • Security audit
    This is a full site inspection which involves recognizing human behavioural patterns; examining areas in accordance with regulations; observing and enforcing security measures and deception, distraction; human behavioural change and social engineering techniques by applying information security awareness control.

For mobile applications CCLab proposes to follow the OWASP Mobile Application Security Verification Standard. The evaluation process is based on MASVS-L1 Standard Security level and additionally extended to MASVS-L2 Defense-in-Depth level.

contact us

Common criteria evaluationCommon criteria evaluation

CCLab offers evaluation services for Common Criteria conformance. . Evidence for the software security shall be provided through the Evaluation and Certification according to the standards of the internationally recognized Common Criteria (CC) Certification Scheme. CCLab is licensed under the Italian Scheme (OCSI), which is part of CCRA and SOGIS as well. Our license is valid up to the Evaluation Assurance Level (EAL) 4+.

CCLab is also experienced in Common Criteria Consultations.

We can help if you require a Certificate under a National Scheme, or you look for a CC expert, who can help to get over the difficulties of certification.

Our Laboratory staff is highly experienced, involved in Common Criteria evaluations for more than a decade. We have already evaluated products for example in the following fields:

  • remote Qualified Electronic Signatures and Seals (referred to collectively as QES) service according to eIDAS Regulation No 910/2014 at Sole Control Assurance Level 2 (SCAL2) according to EN 419241-1,
  • composite evaluations based on a SmartCard platform for contact/contactless smart card with ePassport application as a whole ‘travel document’ (Machine Readable Electronic Document) and Qualified Signature Creation Device (QSCD) Java Card™ applet,
  • high performance, low latency, multi-layer encryption appliance with web-based management software,
  • Disk Sanitizing software application what provides Sensitive Data Protection,
  • PKI based mobile ID solution for authentication server system for mobile-based second-factor authentication.

We can support you instantly. We use agile methodologies and toolsets imported from software development in project management and customer development. Thanks to our improved process EAL4+ certification is achievable within 4 months!

If you are not sure whether your product fits for a Common Criteria Certification, we offer Pre-evaluation services to prepare you for the Evaluation, in order to avoid delays and additional costs during the certification process. During pre-evaluation, our Consultants will evaluate the already existing documentation, help to define a Protection Profile or create a Security Target and will identify areas of non-conformance, or unmet criteria. We are looking forward to discussing your exact needs.

contact usMore about Common Criteria

Swiss smart meteringSwiss smart metering

The Smart Meter is an Intelligent Measurement Device which periodically records the measured values and sends the data encrypted to the Service Provider.

These devices need to be evaluated by an evaluation Laboratory, and need to be certified by METAS from 01.01.2020 according to Prüfmethodologie (Test Methodology for Execution of Data Security Evaluation of Swiss Smart Metering Components).

CCLAB evaluation methodology strictly follows the latest version of Pruefmethodologie issued by SWISSMIG.

The scope of evaluation methodology is based on the fulfilment of the requirements of the main components (HK):

  • Smart metering device (iMG)
  • Communication System (KS; Data concentrator (DC), other Gateway (GW))
  • Head End System (HES) through the respective test object (ToE or PG)

A ToE contains at least one iMG and a HES.

The evaluation process is divided to two parts, document evaluation and penetration testing. The document evaluation consists of the following parts:

  • IT-Security concept evaluation: 2-3 days
  • Product development, architecture, functionality documentation evaluation: 3-4 days
  • Product lifecycle document evaluation: 1 day

This is usually followed by an iteration, during which the manufacturer corrects the findings of the Laboratory.

Then comes the Penetration testing:

  • Penetration tests on the test site: 10-12 days

If you are interested,
contact us

Fido certificationFido certification

CCLAB is one of the 12 laboratories in the world that can issue FIDO certification in Authenticator Certification Level 2.

L2 evaluates FIDO Authenticator protection against basic, scalable attacks.

Authenticator Certification Level 1 is for:
any device HW or SW must defend against phishing, server credential breaches and MiTM attacks (better than passwords).

Authenticator Certification Level 1+ is for:
any device HW or SW should apply White Box Cryptography to defend against OS compromise.

At Authentication Certification Level 2:
the device must support allowed Restricted Operating Environment (ROE) (e.g. TEE, Secure Element), or intrinsically be a ROE (e.g. a USB token or Smart Card). It must defend against device OS compromise.

FIDO Authenticator Certification examples

  • L1 - Downloaded app making use of Touch ID in iOS
  • L1 - FIDO2 making use of the Android keystore. Keystore is not certified
  • L1 - FIDO2 built into a downloadable web browser app
  • L1+ - U2F in a downloadable app using white box and other techniques
  • L2 - UAF implemented as a TA in an uncertified TEE
  • L2+ - FIDO2 making use of the Android keystore. Keystore runs in a TEE that is certified at L2+

Did FIDO spark your interest?
contact us

ElőzőKövetkező
CCLAB is the first security lab in the world in many ways
February 17, 2020 Kamilla

We realized there has been a race amongst the world’s leading security labs for being the first in this and that. After evaluating 2019 we proudly ...

Read more ›
New Protection Profile for Smart Meters
January 16, 2020 Kamilla

CCLAB is one of the leading smart metering specialist Common Criteria labs in the world. Being a global market access service provider CCLAB welcomes ...

Read more ›
METAS Certification required in Switzerland
December 30, 2019 Kamilla

Manufacturers have to apply for certification according to the Prüfmethodologie, inspection is to be done by independent laboratories.

Read more ›
Certification scheme under the Cyber Security Act
December 03, 2019 Jonatan

Being a member of the Ad Hoc Working Group Gábor will represent CCLAB and Hungary on the highest professional level.

Read more ›
Trident HSM Certification
August 23, 2019 Jonatan

Trident HSM is the second Signature Activation Module we have evaluated which achieved eIDAS conformity.

Read more ›
FIDO Accreditation
August 22, 2019 Jonatan

CCLab has joined the FIDO Alliance.

Read more ›
ADSS Server SAM
February 14, 2019 Jonatan

ADSS Server SAM successfully complies the eIDAS regulation.

Read more ›

Meet us here

ElőzőKövetkező
Meet our CTO in Munich 2020.04.16
April 16, 2020 Kamilla

The second meeting of 2020 of ISCI WG1 will be held on the 16th of April in Munich.

Read more ›
Meet our CTO in Hamburg 2020.02.12
February 12, 2020 Kamilla

The first meeting of 2020 of ISCI WG1 will be held on the 12th of February in Hamburg.

Read more ›
Swissmig Conference 2019.11.08.
November 08, 2019 Kamilla

Meet CCLAB's experts at the 6th Swiss Smart Metering Conference and Exhibition.

Read more ›

Selected references

Magyar Telekom Magyar Telekom Magyar Telekom Magyar Telekom Magyar Telekom Magyar Telekom Magyar Telekom Magyar Telekom Magyar Telekom

Client testimonials

Előző Következő
Ascertia, ADSS Server SAM

"On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service."

Israr Ahmed Ascertia Ltd.
Hid

The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.

Dayton MARCUCCI Senior Director – Embedded Sofware and Middleware HID Global
skidsoulutions

We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.

Kalev Pihl CEO SK ID Solutions
I4P Informatics Ltd.

Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.

Zsolt Rózsahegyi CEO I4P Informatics Ltd.

Contact US

  • +36 20 248 7670 info@cclab.hu
  • Budapest

    H-1137 Budapest,
    Katona József utca 17.

  • Debrecen

    H-4025 Debrecen,
    Piac utca 45-47.

  • Budapest

    H-1134 Budapest, DC Offices,
    Váci út 49. VI. em.

Budapest

H-1137 Budapest,
Katona József utca 17.

Debrecen

H-4025 Debrecen,
Piac utca 45-47.

Budapest

H-1134 Budapest,
Váci út 49. VI. em.

Laboratory accreditations

ocsi

CCLab is an internationally acknowledged eva-luation facility under the Italian Common Criteria Scheme.

Our certification was issued by OCSI (Organismo di Certificatione della Sicurezza Informatica) under the registration number: No. 1/2018 with the official name

accreditations

CCLab is an acknowledged testing laboratory. Our Laboratory accredited by NAH (Nemzeti Akkreditáló Hatóság) under the number: NAH-1-1815/2017

fido

CCLab is accredited by the FIDO Alliance to perform Level 2 Authenticator Security Evaluations.

CCLab is accredited in accordance with the FIDO lab policy under the number: Certificate No. LA01010020190325001

CCLab Ltd. © 2020 - All rights reserved
Cookie policy
This website uses cookies just to track visits to our website, we store no personal details.
By using our site, you agree to our cookie policy.
You can read more about CCLab's data processing methods in the Privacy Policy.
Ok
Linkedin Up